php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Request #18332 is_readable/is_writable/is_executable support under safe mode
Submitted: 2002-07-13 18:31 UTC Modified: 2013-03-02 18:39 UTC
Votes:2
Avg. Score:4.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:0 (0.0%)
Same OS:2 (100.0%)
From: ilia at prohost dot org Assigned: reeze (profile)
Status: Closed Package: *General Issues
PHP Version: 4.2.1 OS: any
Private report: No CVE-ID: None
View Developer Edit
 [2002-07-13 18:31 UTC] ilia at prohost dot org 
It would be very useful if is_readable/is_writable/is_executable
series of functions would work with safe mode. Currently is_writable() will report a file that in reality cannot be accessed undersafe mode is writeable, which is clearly misleading.

At least, could the manual be modified in such a way as to document that those functions will not work properly under safe_mode.

Patches

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-07-15 21:52 UTC] yohgaki@php.net 
I think stat function can be used to know actual permissions. is_* function supposed to return if current process can do something or not. IMO.

We may need to change doc a bit. -> Documentation Problem
 [2002-09-22 16:37 UTC] iliaa@php.net 
In the current release of the manual is_readable/is_writable now mention the fact that they will not check safe_mode limitation. The is_executable however, still needs to be documented.
 [2002-09-24 21:55 UTC] ekilfoil@php.net 
I recently ran into this same problem.  With the open_basedir config option set, is_readable() can report unexpected results.

Perhaps a solution may be to run through all of the security checks that fopen goes through and find out if the file is readable.  Another solution would be to actually just flat out open the file with php_fopen() for read or append (for is_writable()) and see what is returned.

Perhaps an argument can be added such as:

is_readable(STRICT) where STRICT checks everything

is_readable(STRICT | ATTEMPT) would actually attempt the open.

I'm just throwing out ideas.  My problem is that I would like a way to guarantee that no errors or warnings are returned by a call to fopen() with the E_ALL error level set.  I was using:

file_exists() && is_readable()

I can't think of any check to perform other than writing a function in my script that does a "safe" open such as:

function is_truly_readable()
{
  $e = error_reporting(0);
  if ($f = fopen($file, "r"))
  {
    fclose($f);
    error_reporting($e);
    return(TRUE);
  }
  error_reporting($e);
  return(FALSE);
}
 [2013-03-02 18:39 UTC] reeze@php.net 
Safe mode was gone.
 [2013-03-02 18:39 UTC] reeze@php.net
-Status: Open +Status: Closed -Package: Feature/Change Request +Package: *General Issues -Assigned To: +Assigned To: reeze
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Wed Aug 14 08:01:27 2024 UTC